How to control and remove third-party applications using whitelisting in a software configuration

Article ID: KB05392

Type: Support Content

Last Modified: 03-01-2013

 

Product(s) Affected:

  • BlackBerry Enterprise Server for Microsoft Exchange
  • BlackBerry Enterprise Server for IBM Domino
  • BlackBerry Enterprise Server for Novell GroupWise
CollapseEnvironment
  • BlackBerry Enterprise Server 4.0 to 5.0
CollapseOverview

This article explains how to set up a software configuration to control and remove third-party applications from a BlackBerry smartphone. All applications that are assigned the Required or Optional policy (created in the following procedure) will be installed on the BlackBerry smartphone. All other applications will be restricted and cannot be installed.

Note: When using application control policy to whitelist/blacklist applications, the IT Policy rule Disallow Third Party Application Downloads should not be enabled, as the Disposition of each application will control what software can or cannot be installed on the BlackBerry Smartphones.

Note: There is a delay when third-party applications are pushed to the BlackBerry smartphone. To immediately poll for missing applications on a BlackBerry smartphone, open the BlackBerry Manager, right-click the BlackBerry smartphone user, and select Deploy Applications. This feature is available in BlackBerry Enterprise Server 4.1 SP4 to SP7. See KB14188 for more information about Deploy Applications. The option to deploy applications immediately isn't available in BlackBerry Enterprise Server version 5.0.

Note: The BlackBerry smartphone user can delete applications that are installed automatically on the BlackBerry smartphone.

To control and remove third-party applications using a software configuration, complete the following tasks:

BlackBerry Enterprise Server 4.0 to 4.1 SP7

Task 1: Index the third-party applications

  1. On the computer that is hosting the BlackBerry Enterprise Server, go to C:\Program Files\Common Files\Research In Motion\Shared .
  2. Create a folder called Applications.

    Note: If unable to create this folder on the computer hosting the BlackBerry Enterprise Server, install the BlackBerry Desktop Software.

  3. In the Applications folder, create a folder called <application_name>.
  4. Copy the BlackBerry smartphone installation files (the .alx and .cod files) to the <application_name> folder.
  5. To index the applications listed in this folder, open a command prompt and type cd C:\Program Files\Common Files\Research In Motion\AppLoader.
  6. Type Loader.exe /index and click ENTER.
  7. Share the C:\Program Files\Common Files\Research In Motion\ folder on the network as Read-only.

Note: To add new software to the existing indexed software list, run the Loader.exe /reindex command to reindex all the applications and have the new application listed in the software configuration screen.

Task 2: Create the software configuration

  1. Complete one of the following tasks:
    • For BlackBerry Enterprise Server 4.0 and earlier, open the BlackBerry Handheld Configuration Tool and select the Configurations tab.
    • For BlackBerry Enterprise Server 4.1, open BlackBerry Manager and select the Software Configurations tab.
  2. In the Common tasks menu, click Add New Configuration.
  3. Add a Configuration Name and Configuration Description.
  4. In the Handheld Software Location or Device Software Location field, specify the shared directory described in Step 7 of Task 1 by clicking Change. After this is entered, all indexed software will be listed under the Application Name section.

    Note: A local drive cannot be chosen for this step. Use the \\<servername>\<sharename> format instead.

  5. Click Policies and create a new policy called Disallowed.
  6. In the Application Control Policy window, change the Disposition field to Disallowed and click OK.
  7. Click Policies and create a new policy called Optional.
  8. In the Application Control Policy window, change the Disposition field to Optional and click OK.
  9. Click Policies and create a new policy called Required.
  10. In the Application Control Policy window, change the Disposition field to Required and click OK.
  11. Click OK.
  12. In the Device Software Configuration window, click the Policy drop-down list and select the Disallowed policy.

    Note: This prevents all software from being installed on a specified BlackBerry smartphone. Any restricted software that is currently installed on a BlackBerry smartphone will be automatically removed by this software policy. 

  13. To view all software that has been indexed, expand the Application Software heading. Then assign either the Required or Optional policy to each application listed.

    Note: If an application is installed on the BlackBerry smartphone using a software configuration with the Required policy, the BlackBerry smartphone user should not be able to remove the application manually.  

  14. Click OK to close the Handheld Software Configuration or Device Software Configuration screen.
  15. In BlackBerry Enterprise Server 4.1, complete the following steps:
    1. Select the BlackBerry smartphone user or the BlackBerry smartphone user group.
    2. Under Device Management, in the Tasks list, select Assign Software Configuration.
    3. On the Select a software configuration screen, select the software configuration and click OK.

Note: The software configuration allows multiple BlackBerry smartphone users to be selected when assigning the configuration. To select multiple BlackBerry smartphone users, press the Ctrl key or the Shift key.


BlackBerry Enterprise Server 5.0


Task 1: Publish the Application.

  1. In the BlackBerry Administration Service, on the left-pane, under BlackBerry solution management, expand Software.
  2. Expand Applications.
  3. Select Add or Update Applications.
  4. Browse to a ZIP file containing the ALX and COD you wish to deploy, and click Next.
  5. Click Publish Application.

Task 2: Create the Software Configuration.

  1. In the left-pane, under BlackBerry solution management, expand Software.
  2. Select Create a software configuration.
  3. Enter the name of the software configuration.
  4. Set the Disposition for unlisted Applications to Disallowed.
  5. Click Save.

Task 3: Add allowed applications to the software configuration.

  1. In the left-pane, under BlackBerry solution management, expand Software.
  2. Select Manage software configurations.
  3. Select the name of the newly created software configuration.
  4. Click Edit software configuration.
  5. Click the Applications tab.
  6. Click Add Applications To Software Configuration.
  7. Click Search.
  8. Check the box beside the name of the new software configuration application.
  9. Set the Disposition to Required or Optional.
  10. Set the Deployment to Wireless.
  11. Verify the Application control policy is set to the same setting as the Disposition in the above step 9.
  12. Click Add to Software Configuration.
  13. Click Save All.

Task 4: Assign the Software Configuration.

To assign the Software Configuration to a BlackBerry smartphone user.

  1. In the left-pane, under BlackBerry solution management, expand User.
  2. Click Manage users.
  3. Click Search.
  4. Click on a user account.
  5. Click on the Software Configuration tab.
  6. Click Edit User.
  7. Under Available software configurations, select the software configuration.
  8. Click Add.
  9. The software configuration should then appear under Current software configurations.
  10. Click Save all.

To assign the Software Configuration to a group.

  1. In the left-pane, under BlackBerry solution management, expand Group.
  2. Click Manage groups.
  3. Click on a group.
  4. Click on the Software Configuration tab.
  5. Click Edit User.
  6. Under Available software configurations, select the software configuration.
  7. Click Add.
  8. The software configuration should then appear under Current software configurations.
  9. Click Save all.

To confirm the status of the software configuration  

  1. Select Manage users
  2. select the user that the software configuration was pushed to
  3. select the Software Configuration tab
  4. Click view resolved applications
  5. Confirm that the application that was pushed out is listed in the Resolved Applications tab
  6. If the application that was pushed out is not listed under the Resolved Applications tab then click the Other Configured Applications tab.  This tab will contain information on why the application was not applied to the users device.

CollapseAdditional Information

If multiple versions of an application need to be removed, then all versions of that application need to be loaded into a Software Configuration to then be flagged as Disallowed.

 

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.